| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
to the comments in named.conf to describe to the user how to create it.
(named.conf does not use /etc/namedb/s by default anyway so us not
pre-created it in the mtree does not hurt us terribly).
|
|
|
|
| |
to handle new user id's in buildworld/installworld.
|
|
|
|
|
|
| |
Replace non-existent directory for operator with /
Supply by default operator with non-existent but can be created directory
and /bin/csh is kinda security risk
|
|
|
|
|
|
| |
mailbox contents. comsat instead simply prints that new mail is
available. Add appropriate comment to inetd.conf but leave comsat in
sandbox.
|
|
|
|
|
|
|
|
| |
Adjust rc.conf to run named in sandbox, adjust mtree to add /etc/namedb/s
subdirectory (user bind, group bind) to hold secondaries, adjust
comments in named.conf to reflect new secondary scheme. (Note that
core read-only zone files are left owned by root, increasing security even
more).
|
|
|
|
|
|
|
|
|
|
| |
adjustd inetd.conf to run comsat and ntalk from tty sandbox, and
the (commented out) ident from the kmem sandbox.
Note that it is necessary to give each group access it's own uid to
prevent programs running under a single uid from being able to gdb
or otherwise mess with other programs (with different group perms) running
under the same uid.
|
|
|
|
|
|
| |
`nfs_access_cache_timeout'.
Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
|
|
|
|
|
| |
off.
Submitted by: jdp
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
methods used by login. Changes to "/usr/bin/login" to use it will
be committed later today. The format of the file is described in
pam(8).
This sample file makes login behave in the traditional way. To
wit, it enables authentication via S/Key and passwd/NIS lookups.
KerberosIV authentication is present in the sample file but commented
out.
As a safety net and a transition aid, login will fall back on
built-in passwd/NIS authentication if this configuration file is
missing or if some other fatal PAM error occurs.
This file will eventually replace "/etc/auth.conf", but not until
I've finished converting the other utilities, such as passwd and su.
|
|
|
|
|
| |
PR: conf/7054
Submitted by: Amakawa Shuhei <amakawa@sf.t.u-tokyo.ac.jp>
|
|
|
|
|
|
| |
header files go. I am not too happy about the name. But if we are
to have any hope of being able to use 3rd party PAM modules, we'll
have to live with it.
|
| |
|
|
|
|
| |
the NFS client's ACCESS cache.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
in ppp.linkdown.
|
| |
|
| |
|
|
|
|
|
| |
instead the public writable directory /tmp
PR: conf/8330
|
| |
|
|
|
|
| |
*ccd{0,1,2}* will be created.
|
|
|
|
| |
bpf{0,1,2} will be created.
|
| |
|
| |
|
|
|
|
|
|
|
| |
field separators.
PR: conf/8162
Submitted by: Sheldon Hearn <sheldonh@axl.training.iafrica.com>
|
| |
|
|
|
|
| |
is contoversial and may be removed later.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Disable building tickadj(8) by removing util from SUBDIR in the xntpd
Makefile. Note that the sources are still there and tickadj can still
be built and installed by doing:
# cd /usr/src/usr.sbin/xntpd/util
# make all install
There are enough references to tickadj in e.g. the xntpd documentation
(not to mention the sysctl variables it uses etc.) that I don't feel
up to implementing the final solution right now.
Kinda-approved-by: phk
|
|
|
|
|
| |
Reviewed by: phk
Submitted by: Mike Spengler <mks@networkcs.com>
|
|
|
|
| |
I will be following up with commits to use it in KerberosIV userland.
|
|
|
|
| |
Submitted by: Motoyuki Konno <motoyuki@snipe.rim.or.jp>
|
|
|
|
|
|
|
| |
interfaces.
Reviewed by: phk
Submitted by: Mike Spengler <mks@networkcs.com>
|
|
|
|
| |
the i386 disktab.
|
| |
|
|
|
|
|
|
|
|
| |
rwho iff /var/rwho is empty. Call `uptime' instead. This doesn't
belong under `network' right away, but at least reports the same
informaton about the local system. rwhod is not turned on by default
(for good reason), and i've already seen too many of the above
messages...
|
| |
|
|
|
|
| |
Add note, that one should use da*s* however.
|
| |
|
|
|
|
|
| |
runs only 3 simultaneous fingerd processes and
limit the connections-per-ip-per-minute to 10.
|
|
|
|
|
| |
SIGINT (C-c), you'll get control passed to the next script even if
the current one blocks signals. The child is not killed, though.
|
| |
|
|
|
|
|
| |
re-run mtree over this if they want to populate the compat dirs
during a build or that step will fall over.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
seem right to me.
Noticed by: jkb
|